kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
staticPodPath: "/etc/kubernetes/manifests"
syncFrequency: 1m0s
fileCheckFrequency: 20s
httpCheckFrequency: 20s
address: 0.0.0.0
readOnlyPort: 0
port: {{ pillar['kubernetes']['lookup']['kubelet']['port'] }}
tlsCertFile: "{{ pillar['ssl']['kubelet_crt'] }}"
tlsPrivateKeyFile: "{{ pillar['ssl']['kubelet_key'] }}"
TLSCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256
rotateCertificates: true
authentication:
  x509:
    clientCAFile: "{{ pillar['ssl']['ca_file'] }}"
  webhook:
    enabled: true
    cacheTTL: 2m0s
  anonymous:
    enabled: false
authorization:
  mode: AlwaysAllow
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
healthzPort: 10248
healthzBindAddress: 127.0.0.1
clusterDomain: {{ pillar['kubernetes']['lookup']['kubelet']['dns']['domain'] }}
clusterDNS:
  - {{ pillar['kubernetes']['lookup']['kubelet']['dns']['cluster_ip'] }}
nodeStatusUpdateFrequency: 10s
cgroupRoot: "/"
cgroupsPerQOS: true
cgroupDriver: cgroupfs
cpuManagerPolicy: none
cpuManagerReconcilePeriod: 10s
runtimeRequestTimeout: 2m0s
streamingConnectionIdleTimeout: 5m0s
maxPods: 110
podPidsLimit: -1
{% if grains['os'] == "Ubuntu" %}
resolvConf: "/run/systemd/resolve/resolv.conf"
{% else %}
resolvConf: "/etc/resolv.conf"
{% endif %}
cpuCFSQuota: true
maxOpenFiles: 1000000
contentType: application/vnd.kubernetes.protobuf
serializeImagePulls: true
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
evictionPressureTransitionPeriod: 5m0s
enableControllerAttachDetach: true
makeIPTablesUtilChains: true
iptablesMasqueradeBit: 14
iptablesDropBit: 15
failSwapOn: true
containerLogMaxSize: 10Mi
eventRecordQPS: 0
containerLogMaxFiles: 5
systemReservedCgroup: system
kubeReservedCgroup: podruntime.slice
enforceNodeAllocatable:
  - pods
